guardian-framework 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +463 -0
- package/dist/cli.js +12958 -0
- package/dist/exports.js +12765 -0
- package/package.json +61 -0
- package/templates/languages/go-patterns.md +411 -0
- package/templates/languages/java-patterns.md +545 -0
- package/templates/languages/python-patterns.md +312 -0
- package/templates/languages/rust-patterns.md +232 -0
- package/templates/languages/typescript-patterns.md +313 -0
- package/templates/pi/INDEX.md +437 -0
- package/templates/pi/agent/AGENTS.md +166 -0
- package/templates/pi/agents/architecture-coordinator.md +40 -0
- package/templates/pi/agents/architecture-validator.md +36 -0
- package/templates/pi/agents/bootstrap-implementer.md +37 -0
- package/templates/pi/agents/issue-factory.md +31 -0
- package/templates/pi/agents/operations-validator.md +32 -0
- package/templates/pi/agents/security-validator.md +33 -0
- package/templates/pi/architecture/CHANGELOG.md +78 -0
- package/templates/pi/architecture/decisions/ADR-template.md +76 -0
- package/templates/pi/architecture/diagrams/system-overview.md +159 -0
- package/templates/pi/architecture/modules/module-template.md +152 -0
- package/templates/pi/context/checklists.md +91 -0
- package/templates/pi/context/domain-workflow.md +180 -0
- package/templates/pi/context/output-formats.md +135 -0
- package/templates/pi/context/patterns-base.md +47 -0
- package/templates/pi/context/patterns.md +38 -0
- package/templates/pi/context/project.md +88 -0
- package/templates/pi/domain/exploration.md +93 -0
- package/templates/pi/domain/ubiquitous-language.md +24 -0
- package/templates/pi/extensions/architect-lib/generators.ts +528 -0
- package/templates/pi/extensions/architect-lib/helpers.ts +344 -0
- package/templates/pi/extensions/architect-lib/types.ts +117 -0
- package/templates/pi/extensions/architect.ts +1425 -0
- package/templates/pi/extensions/ask-user-question.ts +579 -0
- package/templates/pi/extensions/bash-guard.ts +556 -0
- package/templates/pi/extensions/config-reload.ts +115 -0
- package/templates/pi/extensions/coordinator.ts +304 -0
- package/templates/pi/extensions/curator.ts +543 -0
- package/templates/pi/extensions/domain-explorer.ts +990 -0
- package/templates/pi/extensions/filechanges.ts +656 -0
- package/templates/pi/extensions/goal-loop.ts +717 -0
- package/templates/pi/extensions/hooks.ts +452 -0
- package/templates/pi/extensions/kanban.ts +547 -0
- package/templates/pi/extensions/pipeline.ts +1246 -0
- package/templates/pi/extensions/plan-mode.ts +209 -0
- package/templates/pi/extensions/project-scaffolder.ts +284 -0
- package/templates/pi/extensions/read-only-mode.ts +192 -0
- package/templates/pi/extensions/redaction.ts +128 -0
- package/templates/pi/extensions/session-persistence.ts +174 -0
- package/templates/pi/extensions/slash-commands.ts +229 -0
- package/templates/pi/extensions/snippets.ts +201 -0
- package/templates/pi/extensions/validation-runner.ts +100 -0
- package/templates/pi/github/agents/architecture-coordinator.agent.md +27 -0
- package/templates/pi/github/agents/architecture-validator.agent.md +20 -0
- package/templates/pi/github/agents/bootstrap-implementer.agent.md +20 -0
- package/templates/pi/github/agents/epic-planner.agent.md +70 -0
- package/templates/pi/github/agents/issue-factory.agent.md +20 -0
- package/templates/pi/github/agents/operations-validator.agent.md +20 -0
- package/templates/pi/github/agents/security-validator.agent.md +20 -0
- package/templates/pi/github/copilot/settings.json +16 -0
- package/templates/pi/github/copilot-instructions.md +155 -0
- package/templates/pi/github/instructions/architecture.instructions.md +71 -0
- package/templates/pi/github/instructions/validation.instructions.md +69 -0
- package/templates/pi/github/workflows/01-planning-workflow.md +75 -0
- package/templates/pi/github/workflows/02-issue-generation-workflow.md +69 -0
- package/templates/pi/github/workflows/03-implementation-workflow.md +80 -0
- package/templates/pi/github/workflows/04-validation-workflow.md +68 -0
- package/templates/pi/preflight_report.json +99 -0
- package/templates/pi/prompts/blueprint-update.md +262 -0
- package/templates/pi/prompts/blueprint-validate.md +218 -0
- package/templates/pi/prompts/bug-fix.md +50 -0
- package/templates/pi/prompts/ci-blueprint.md +131 -0
- package/templates/pi/prompts/context-refresh.md +258 -0
- package/templates/pi/prompts/epic-plan.md +356 -0
- package/templates/pi/prompts/epic-template.md +186 -0
- package/templates/pi/prompts/feature-development.md +131 -0
- package/templates/pi/prompts/git-issues.md +243 -0
- package/templates/pi/prompts/hotfix.md +71 -0
- package/templates/pi/prompts/issue-closeout.md +342 -0
- package/templates/pi/prompts/issue-draft.md +218 -0
- package/templates/pi/prompts/issue-implementation-series.md +173 -0
- package/templates/pi/prompts/issue-merge.md +372 -0
- package/templates/pi/prompts/issue-template-set.md +392 -0
- package/templates/pi/prompts/issue-template.md +207 -0
- package/templates/pi/prompts/pattern-extract.md +269 -0
- package/templates/pi/prompts/plan-to-issues.md +430 -0
- package/templates/pi/prompts/refactoring.md +82 -0
- package/templates/pi/prompts/scope-analyzer.md +254 -0
- package/templates/pi/prompts/sync-check.md +230 -0
- package/templates/pi/scripts/categorize-issues.sh +171 -0
- package/templates/pi/scripts/ci/check_architecture_conformance.sh +748 -0
- package/templates/pi/scripts/ci/check_planning_packet.py +228 -0
- package/templates/pi/scripts/ci/run_hardening_stages.sh +264 -0
- package/templates/pi/scripts/ci/run_preflight.sh +649 -0
- package/templates/pi/scripts/ci/run_stage.sh +193 -0
- package/templates/pi/scripts/ci/stage_docs_policy.sh +82 -0
- package/templates/pi/scripts/ci/stage_integration.sh +3 -0
- package/templates/pi/scripts/ci/stage_lint.sh +130 -0
- package/templates/pi/scripts/ci/stage_migration_verify.sh +3 -0
- package/templates/pi/scripts/ci/stage_package_build.sh +3 -0
- package/templates/pi/scripts/ci/stage_release_readiness.sh +3 -0
- package/templates/pi/scripts/ci/stage_remaining.sh +242 -0
- package/templates/pi/scripts/ci/stage_security.sh +3 -0
- package/templates/pi/scripts/ci/stage_static_analysis.sh +114 -0
- package/templates/pi/scripts/ci/stage_unit.sh +119 -0
- package/templates/pi/scripts/ci/validate_agent_output.py +181 -0
- package/templates/pi/scripts/ci/validate_agent_output.sh +243 -0
- package/templates/pi/scripts/create-feature-branch.sh +136 -0
- package/templates/pi/scripts/create-mr.sh +117 -0
- package/templates/pi/scripts/fetch-issues.sh +131 -0
- package/templates/pi/scripts/generate-architecture.sh +161 -0
- package/templates/pi/scripts/git/close-epic.sh +69 -0
- package/templates/pi/scripts/git/close-issue.sh +35 -0
- package/templates/pi/scripts/git/create-tracking-issue.sh +174 -0
- package/templates/pi/scripts/git/link-issue-to-epic.sh +51 -0
- package/templates/pi/scripts/git/update-tracking-issue.sh +66 -0
- package/templates/pi/scripts/languages/go/validate-architecture.sh +139 -0
- package/templates/pi/scripts/languages/go/validate-canonical.sh +129 -0
- package/templates/pi/scripts/languages/go/validate-ci.sh +132 -0
- package/templates/pi/scripts/languages/go/validate-integration.sh +156 -0
- package/templates/pi/scripts/languages/go/validate-operations.sh +146 -0
- package/templates/pi/scripts/languages/go/validate-security.sh +135 -0
- package/templates/pi/scripts/languages/go/validate-tests.sh +125 -0
- package/templates/pi/scripts/languages/java/validate-annotations.sh +185 -0
- package/templates/pi/scripts/languages/java/validate-architecture.sh +159 -0
- package/templates/pi/scripts/languages/java/validate-canonical.sh +114 -0
- package/templates/pi/scripts/languages/java/validate-ci.sh +269 -0
- package/templates/pi/scripts/languages/java/validate-integration.sh +149 -0
- package/templates/pi/scripts/languages/java/validate-operations.sh +142 -0
- package/templates/pi/scripts/languages/java/validate-security.sh +174 -0
- package/templates/pi/scripts/languages/java/validate-spring-architecture.sh +227 -0
- package/templates/pi/scripts/languages/java/validate-tests.sh +159 -0
- package/templates/pi/scripts/languages/python/validate-architecture.sh +99 -0
- package/templates/pi/scripts/languages/python/validate-canonical.sh +124 -0
- package/templates/pi/scripts/languages/python/validate-ci.sh +130 -0
- package/templates/pi/scripts/languages/python/validate-integration.sh +119 -0
- package/templates/pi/scripts/languages/python/validate-operations.sh +107 -0
- package/templates/pi/scripts/languages/python/validate-security.sh +68 -0
- package/templates/pi/scripts/languages/python/validate-tests.sh +102 -0
- package/templates/pi/scripts/languages/rust/validate-architecture.sh +188 -0
- package/templates/pi/scripts/languages/rust/validate-canonical.sh +146 -0
- package/templates/pi/scripts/languages/rust/validate-ci.sh +147 -0
- package/templates/pi/scripts/languages/rust/validate-integration.sh +149 -0
- package/templates/pi/scripts/languages/rust/validate-operations.sh +154 -0
- package/templates/pi/scripts/languages/rust/validate-security.sh +153 -0
- package/templates/pi/scripts/languages/rust/validate-tests.sh +150 -0
- package/templates/pi/scripts/languages/typescript/validate-architecture.sh +157 -0
- package/templates/pi/scripts/languages/typescript/validate-canonical.sh +135 -0
- package/templates/pi/scripts/languages/typescript/validate-ci.sh +244 -0
- package/templates/pi/scripts/languages/typescript/validate-integration.sh +166 -0
- package/templates/pi/scripts/languages/typescript/validate-operations.sh +162 -0
- package/templates/pi/scripts/languages/typescript/validate-security.sh +169 -0
- package/templates/pi/scripts/languages/typescript/validate-tests.sh +158 -0
- package/templates/pi/scripts/merge-mr.sh +95 -0
- package/templates/pi/scripts/mr-validation.sh +228 -0
- package/templates/pi/scripts/validate-architecture-readiness.sh +153 -0
- package/templates/pi/scripts/validate-architecture.sh +22 -0
- package/templates/pi/scripts/validate-canonical.sh +22 -0
- package/templates/pi/scripts/validate-ci.sh +37 -0
- package/templates/pi/scripts/validate-integration.sh +22 -0
- package/templates/pi/scripts/validate-operations.sh +22 -0
- package/templates/pi/scripts/validate-security.sh +22 -0
- package/templates/pi/scripts/validate-tests.sh +22 -0
- package/templates/pi/scripts/validate-ubiquitous-language.sh +291 -0
- package/templates/pi/scripts/validation-cache.sh +139 -0
- package/templates/pi/skills/agents/architecture-coordinator.md +178 -0
- package/templates/pi/skills/agents/architecture-generator.md +79 -0
- package/templates/pi/skills/agents/architecture-validator.md +74 -0
- package/templates/pi/skills/agents/ci-mr-validator.md +46 -0
- package/templates/pi/skills/agents/code-developer.md +76 -0
- package/templates/pi/skills/agents/commit.md +46 -0
- package/templates/pi/skills/agents/curator.md +71 -0
- package/templates/pi/skills/agents/debug.md +59 -0
- package/templates/pi/skills/agents/documentation-maintainer.md +36 -0
- package/templates/pi/skills/agents/goal-loop.md +125 -0
- package/templates/pi/skills/agents/hooks.md +122 -0
- package/templates/pi/skills/agents/integration-validator.md +35 -0
- package/templates/pi/skills/agents/issue-creator.md +75 -0
- package/templates/pi/skills/agents/issue-factory.md +143 -0
- package/templates/pi/skills/agents/kanban.md +85 -0
- package/templates/pi/skills/agents/land.md +59 -0
- package/templates/pi/skills/agents/operations-validator.md +43 -0
- package/templates/pi/skills/agents/pipeline.md +113 -0
- package/templates/pi/skills/agents/plan-mode.md +77 -0
- package/templates/pi/skills/agents/pull.md +40 -0
- package/templates/pi/skills/agents/push.md +41 -0
- package/templates/pi/skills/agents/security-validator.md +85 -0
- package/templates/pi/skills/agents/session-persistence.md +119 -0
- package/templates/pi/skills/agents/slash-commands.md +117 -0
- package/templates/pi/skills/agents/snippets.md +99 -0
- package/templates/pi/skills/agents/subagent-registry.md +78 -0
- package/templates/pi/skills/agents/test-validator.md +42 -0
- package/templates/pi/skills/validators/architecture-validator.md +43 -0
- package/templates/pi/skills/validators/ci-validator.md +27 -0
- package/templates/pi/skills/validators/context-compaction.md +73 -0
- package/templates/pi/skills/validators/integration-validator.md +38 -0
- package/templates/pi/skills/validators/model-registry.md +96 -0
- package/templates/pi/skills/validators/operations-validator.md +34 -0
- package/templates/pi/skills/validators/security-guards.md +72 -0
- package/templates/pi/skills/validators/security-validator.md +41 -0
- package/templates/pi/skills/validators/system-prompt-tiers.md +69 -0
- package/templates/pi/skills/validators/test-validator.md +33 -0
- package/templates/pi/types.ts +62 -0
- package/templates/pi/validators/README.md +93 -0
- package/templates/pi/validators/default.toml +209 -0
- package/templates/pi/validators/spring.toml +142 -0
- package/templates/pi/workpad.md +53 -0
- package/templates/project/java/Dockerfile +14 -0
- package/templates/project/java/README.md +40 -0
- package/templates/project/java/pom.xml +132 -0
- package/templates/project/typescript/Dockerfile +15 -0
- package/templates/project/typescript/README.md +29 -0
- package/templates/project/typescript/package.json +23 -0
- package/templates/project/typescript/tsconfig.json +21 -0
- package/templates/workflow.md +123 -0
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Bootstrap Implementer
|
|
3
|
+
role: builder
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Bootstrap Implementer
|
|
7
|
+
|
|
8
|
+
## Purpose
|
|
9
|
+
Execute ONE issue at a time with strict acceptance-criteria closure and minimal drift. Owns Phase C (Implementation). Produces working code, passing tests, and evidence for each acceptance criterion.
|
|
10
|
+
|
|
11
|
+
## Authority
|
|
12
|
+
**May:** Create feature branches, implement code and tests, update documentation and runbooks within issue scope, run local validation and quality gates.
|
|
13
|
+
**May not:** Change scope, implement work outside the assigned issue's acceptance criteria, modify contracts without explicit issue scope, skip validation path, merge without architecture validation.
|
|
14
|
+
|
|
15
|
+
## Inputs
|
|
16
|
+
- Single assigned issue from Phase B (with acceptance criteria, verification requirements, canonical references)
|
|
17
|
+
- Planning packet (for scope context)
|
|
18
|
+
- Dependency status (earlier issues complete?)
|
|
19
|
+
- `.pi/architecture/modules/` — relevant module docs
|
|
20
|
+
- `.pi/architecture/decisions/` — relevant ADRs
|
|
21
|
+
|
|
22
|
+
## Outputs
|
|
23
|
+
- Implementation report containing:
|
|
24
|
+
- Readiness check (dependencies satisfied, issue implementation-ready)
|
|
25
|
+
- Acceptance criteria trace map (each criterion → files changed → evidence → validation command)
|
|
26
|
+
- Files changed
|
|
27
|
+
- Tests and CI impacts
|
|
28
|
+
- Toolchain validation results
|
|
29
|
+
- Documentation/runbook impacts
|
|
30
|
+
- Done/not-done per acceptance criterion with evidence
|
|
31
|
+
- Code, tests, config, docs changes on a feature branch
|
|
32
|
+
|
|
33
|
+
## Definition of Done
|
|
34
|
+
Done when all acceptance criteria are met, evidence is collected for each, the correct validation path has passed, tests are written and passing, and the implementation report is ready for architecture validator review.
|
|
35
|
+
|
|
36
|
+
## Escalation Rule
|
|
37
|
+
If dependencies are not satisfied (earlier issues incomplete), stop and escalate. Do not implement against blocked dependencies. If the implementation reveals unplanned scope or architecture concerns, flag them but do not deviate from the assigned issue.
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Issue Factory
|
|
3
|
+
role: coordinator
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Issue Factory
|
|
7
|
+
|
|
8
|
+
## Purpose
|
|
9
|
+
Convert an approved planning packet into a set of independently-reviewable Git issues with proper dependency ordering, acceptance criteria, verification requirements, and canonical references. Owns Phase B (Issue Generation).
|
|
10
|
+
|
|
11
|
+
## Authority
|
|
12
|
+
**May:** Decompose scope into individual issues, set dependency order, assign labels (layer, type, risk), write acceptance criteria and verification requirements, select the appropriate issue template for each work unit.
|
|
13
|
+
**May not:** Redefine scope, change dependency order without coordinator approval, skip mandatory validators or CI gates, produce issues without an approved planning packet.
|
|
14
|
+
|
|
15
|
+
## Inputs
|
|
16
|
+
- Approved planning packet from Architecture Coordinator (Phase A output)
|
|
17
|
+
- Issue template set (contract, schema, service, handler, verification, rollout)
|
|
18
|
+
- `.pi/architecture/modules/` — for canonical references
|
|
19
|
+
- `.pi/architecture/decisions/` — for ADR references
|
|
20
|
+
|
|
21
|
+
## Outputs
|
|
22
|
+
- Epic draft with title, description, milestone, labels
|
|
23
|
+
- Issue set with dependency order
|
|
24
|
+
- Each issue: one primary outcome, one primary owner, clear acceptance criteria, verification criteria, canonical references
|
|
25
|
+
- Labels (layer::*, type::*, risk::*)
|
|
26
|
+
|
|
27
|
+
## Definition of Done
|
|
28
|
+
Done when every issue is independently reviewable, references canonical source sections, and is ordered to match the dependency graph. No issue should require clarification from the coordinator before implementation starts.
|
|
29
|
+
|
|
30
|
+
## Escalation Rule
|
|
31
|
+
If planning inputs contradict each other (e.g., scope and dependency graph disagree), return the packet to Architecture Coordinator for re-scoping. Do not invent a reconciliation step.
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Operations Validator
|
|
3
|
+
role: validator
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Operations Validator
|
|
7
|
+
|
|
8
|
+
## Purpose
|
|
9
|
+
Verify that implementations are production-ready with proper observability, runbooks, rollback paths, and SLOs. Reviews planning packets (Phase A) and implementation reports (Phase D) for operational impact.
|
|
10
|
+
|
|
11
|
+
## Authority
|
|
12
|
+
**May:** Pass, pass-with-recommendations, or fail an epic/issue based on operational readiness. Define required monitoring, alerting, runbook, and release-readiness criteria.
|
|
13
|
+
**May not:** Redefine deployment architecture, implement operational changes directly, override architecture or security findings without escalation.
|
|
14
|
+
|
|
15
|
+
## Inputs
|
|
16
|
+
- Planning packet (for production-impacting epics only)
|
|
17
|
+
- Implementation diff
|
|
18
|
+
- Implementation report
|
|
19
|
+
- `.pi/architecture/modules/<operations>.md` — operations module docs
|
|
20
|
+
- `.pi/architecture/decisions/` — relevant ADRs
|
|
21
|
+
|
|
22
|
+
## Outputs
|
|
23
|
+
- Validation decision (pass / pass_with_recommendations / fail / n/a)
|
|
24
|
+
- Blocking operational gaps
|
|
25
|
+
- Non-blocking operational recommendations
|
|
26
|
+
- Release-readiness judgment
|
|
27
|
+
|
|
28
|
+
## Definition of Done
|
|
29
|
+
Done when observability obligations are explicit, runbooks are updated for the changed behavior, rollback path is documented, and release readiness is assessed.
|
|
30
|
+
|
|
31
|
+
## Escalation Rule
|
|
32
|
+
If the implementation changes production behavior without observability or rollback plan, block and escalate. Do not approve production-blind changes.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Security Validator
|
|
3
|
+
role: validator
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Security Validator
|
|
7
|
+
|
|
8
|
+
## Purpose
|
|
9
|
+
Verify that implementations maintain security controls and do not introduce regressions. Reviews planning packets (Phase A) and implementation reports (Phase D) for security impact.
|
|
10
|
+
|
|
11
|
+
## Authority
|
|
12
|
+
**May:** Pass, pass-with-recommendations, or fail an epic/issue based on security conformance. Distinguish between required-now and acceptable-later security work. Require changes before merge approval.
|
|
13
|
+
**May not:** Redefine architecture security policy, implement security fixes directly, override architecture or operations findings without escalation.
|
|
14
|
+
|
|
15
|
+
## Inputs
|
|
16
|
+
- Planning packet (for security-impacting epics only)
|
|
17
|
+
- Implementation diff
|
|
18
|
+
- Implementation report
|
|
19
|
+
- `.pi/architecture/modules/<security>.md` — security module docs
|
|
20
|
+
- `.pi/architecture/decisions/` — relevant ADRs
|
|
21
|
+
- `.pi/validators/` — security rule configurations
|
|
22
|
+
|
|
23
|
+
## Outputs
|
|
24
|
+
- Validation decision (pass / pass_with_recommendations / fail / n/a)
|
|
25
|
+
- Blocking security findings
|
|
26
|
+
- Non-blocking security recommendations
|
|
27
|
+
- Required issue changes now vs. deferred security work
|
|
28
|
+
|
|
29
|
+
## Definition of Done
|
|
30
|
+
Done when all trust boundaries have been reviewed, no security control regressions remain in the issue scope, and security obligations are explicitly documented as required-now or acceptable-later.
|
|
31
|
+
|
|
32
|
+
## Escalation Rule
|
|
33
|
+
If the implementation introduces a trust boundary violation, secrets leak, or auth bypass, block immediately and escalate. Do not defer high-severity findings.
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
# Architecture Change Log
|
|
2
|
+
|
|
3
|
+
<!--
|
|
4
|
+
Canonical Reference: .pi/architecture/CHANGELOG.md
|
|
5
|
+
Blueprint Source: Guardian Framework v1.2
|
|
6
|
+
DO NOT EDIT GENERATED FILES - Modify this source only
|
|
7
|
+
-->
|
|
8
|
+
|
|
9
|
+
This document tracks all architecture changes requiring implementation updates.
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## Change Log Format
|
|
14
|
+
|
|
15
|
+
Each entry follows this structure:
|
|
16
|
+
|
|
17
|
+
```markdown
|
|
18
|
+
## [YYYY-MM-DD] - [Change Title]
|
|
19
|
+
|
|
20
|
+
### Changed
|
|
21
|
+
- Module: [module-name]
|
|
22
|
+
- [Component]: [what changed]
|
|
23
|
+
- [Component]: [what changed]
|
|
24
|
+
|
|
25
|
+
### Impact Analysis
|
|
26
|
+
- Files affected:
|
|
27
|
+
- src/[path1]
|
|
28
|
+
- src/[path2]
|
|
29
|
+
- Canonical refs to update:
|
|
30
|
+
- .pi/architecture/modules/[module].md#[section]
|
|
31
|
+
- Validators required:
|
|
32
|
+
- [validator-name]
|
|
33
|
+
|
|
34
|
+
### Migration Steps
|
|
35
|
+
1. [Step 1]
|
|
36
|
+
2. [Step 2]
|
|
37
|
+
3. [Step 3]
|
|
38
|
+
|
|
39
|
+
### Status
|
|
40
|
+
- [ ] Architecture doc updated
|
|
41
|
+
- [ ] CHANGELOG entry added
|
|
42
|
+
- [ ] Implementation updated
|
|
43
|
+
- [ ] Canonical refs updated
|
|
44
|
+
- [ ] Validators run
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
|
|
49
|
+
## Entries
|
|
50
|
+
|
|
51
|
+
<!-- Add new entries above this line -->
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
55
|
+
## Template Usage
|
|
56
|
+
|
|
57
|
+
When making architecture changes:
|
|
58
|
+
|
|
59
|
+
1. **Before change**: Review existing architecture docs
|
|
60
|
+
2. **During change**: Update `.pi/architecture/modules/[module].md`
|
|
61
|
+
3. **After change**: Add entry to this CHANGELOG
|
|
62
|
+
4. **Implementation**: Follow migration steps, update canonical refs
|
|
63
|
+
5. **Validation**: Run `validate-canonical.sh` to verify sync
|
|
64
|
+
|
|
65
|
+
---
|
|
66
|
+
|
|
67
|
+
## Architecture Sync Status
|
|
68
|
+
|
|
69
|
+
Track which changes have been synced to implementation:
|
|
70
|
+
|
|
71
|
+
| Date | Change | Module | Sync Status | Validator Status |
|
|
72
|
+
|------|--------|--------|-------------|------------------|
|
|
73
|
+
| [date] | [title] | [module] | [pending/complete] | [pass/fail] |
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
*Last updated: [date]*
|
|
78
|
+
*Framework version: 1.2.0*
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
# Architecture Decision Record: [ADR-XXX]
|
|
2
|
+
|
|
3
|
+
<!--
|
|
4
|
+
Canonical Reference: .pi/architecture/decisions/ADR-XXX-[title].md
|
|
5
|
+
Blueprint Source: Guardian Framework v1.2
|
|
6
|
+
-->
|
|
7
|
+
|
|
8
|
+
## Title
|
|
9
|
+
|
|
10
|
+
[Short title describing the decision]
|
|
11
|
+
|
|
12
|
+
## Status
|
|
13
|
+
|
|
14
|
+
- [ ] Proposed
|
|
15
|
+
- [ ] Accepted
|
|
16
|
+
- [ ] Deprecated
|
|
17
|
+
- [ ] Superseded by ADR-XXX
|
|
18
|
+
|
|
19
|
+
## Context
|
|
20
|
+
|
|
21
|
+
[Describe the situation and problem that motivated this decision]
|
|
22
|
+
|
|
23
|
+
## Decision
|
|
24
|
+
|
|
25
|
+
[Describe the decision that was made]
|
|
26
|
+
|
|
27
|
+
## Alternatives Considered
|
|
28
|
+
|
|
29
|
+
| Alternative | Pros | Cons | Reason Rejected |
|
|
30
|
+
|-------------|------|------|-----------------|
|
|
31
|
+
| [Option 1] | [Pros] | [Cons] | [Why not chosen] |
|
|
32
|
+
| [Option 2] | [Pros] | [Cons] | [Why not chosen] |
|
|
33
|
+
| [Option 3] | [Pros] | [Cons] | [Why not chosen] |
|
|
34
|
+
|
|
35
|
+
## Consequences
|
|
36
|
+
|
|
37
|
+
### Positive
|
|
38
|
+
- [Benefit 1]
|
|
39
|
+
- [Benefit 2]
|
|
40
|
+
|
|
41
|
+
### Negative
|
|
42
|
+
- [Drawback 1]
|
|
43
|
+
- [Drawback 2]
|
|
44
|
+
|
|
45
|
+
### Neutral
|
|
46
|
+
- [Effect 1]
|
|
47
|
+
|
|
48
|
+
## Implementation
|
|
49
|
+
|
|
50
|
+
**Affected Modules:**
|
|
51
|
+
- `.pi/architecture/modules/[module1].md`
|
|
52
|
+
- `.pi/architecture/modules/[module2].md`
|
|
53
|
+
|
|
54
|
+
**Files to Update:**
|
|
55
|
+
- `src/[path1]`
|
|
56
|
+
- `src/[path2]`
|
|
57
|
+
|
|
58
|
+
**Canonical References:**
|
|
59
|
+
Implementation files should reference: `.pi/architecture/decisions/ADR-XXX-[title].md`
|
|
60
|
+
|
|
61
|
+
## Validation
|
|
62
|
+
|
|
63
|
+
**Validators Required:**
|
|
64
|
+
- architecture-validator: [Check layer compliance]
|
|
65
|
+
- security-validator: [If security implications]
|
|
66
|
+
- [Other validators]
|
|
67
|
+
|
|
68
|
+
## References
|
|
69
|
+
|
|
70
|
+
- Related ADRs: [ADR-XXX, ADR-YYY]
|
|
71
|
+
- External references: [Links to docs/articles]
|
|
72
|
+
|
|
73
|
+
---
|
|
74
|
+
|
|
75
|
+
*Decision date: [date]*
|
|
76
|
+
*Decision makers: [Names/roles]*
|
|
@@ -0,0 +1,159 @@
|
|
|
1
|
+
# System Architecture Overview
|
|
2
|
+
|
|
3
|
+
<!--
|
|
4
|
+
Canonical Reference: .pi/architecture/diagrams/system-overview.md
|
|
5
|
+
Blueprint Source: Guardian Framework v1.2
|
|
6
|
+
-->
|
|
7
|
+
|
|
8
|
+
## High-Level Architecture
|
|
9
|
+
|
|
10
|
+
```
|
|
11
|
+
┌─────────────────────────────────────────────────────────────────┐
|
|
12
|
+
│ External Clients │
|
|
13
|
+
│ (Web, Mobile, API Consumers) │
|
|
14
|
+
└─────────────────────────────────────────────────────────────────┘
|
|
15
|
+
│
|
|
16
|
+
▼
|
|
17
|
+
┌─────────────────────────────────────────────────────────────────┐
|
|
18
|
+
│ API Gateway Layer │
|
|
19
|
+
│ .pi/architecture/modules/api-gateway.md │
|
|
20
|
+
└─────────────────────────────────────────────────────────────────┘
|
|
21
|
+
│
|
|
22
|
+
▼
|
|
23
|
+
┌─────────────────────────────────────────────────────────────────┐
|
|
24
|
+
│ Business Logic Layer │
|
|
25
|
+
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
|
|
26
|
+
│ │ Auth │ │ Core │ │ Workflow │ │
|
|
27
|
+
│ │ Module │ │ Module │ │ Module │ │
|
|
28
|
+
│ └──────────────┘ └──────────────┘ └──────────────┘ │
|
|
29
|
+
└─────────────────────────────────────────────────────────────────┘
|
|
30
|
+
│
|
|
31
|
+
▼
|
|
32
|
+
┌─────────────────────────────────────────────────────────────────┐
|
|
33
|
+
│ Data Layer │
|
|
34
|
+
│ .pi/architecture/modules/data-layer.md │
|
|
35
|
+
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
|
|
36
|
+
│ │ Database │ │ Cache │ │ Storage │ │
|
|
37
|
+
│ └──────────────┘ └──────────────┘ └──────────────┘ │
|
|
38
|
+
└─────────────────────────────────────────────────────────────────┘
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
---
|
|
42
|
+
|
|
43
|
+
## Module Layers
|
|
44
|
+
|
|
45
|
+
| Layer | Modules | Purpose | Entry Point |
|
|
46
|
+
|-------|---------|---------|-------------|
|
|
47
|
+
| Presentation | api-gateway | Request handling, routing | src/api/ |
|
|
48
|
+
| Business | auth-system, core, workflow | Domain logic | src/modules/ |
|
|
49
|
+
| Data | data-layer, cache, storage | Persistence | src/data/ |
|
|
50
|
+
| Infrastructure | config, logging, monitoring | Cross-cutting | src/lib/ |
|
|
51
|
+
|
|
52
|
+
---
|
|
53
|
+
|
|
54
|
+
## Module Dependency Graph
|
|
55
|
+
|
|
56
|
+
```
|
|
57
|
+
api-gateway
|
|
58
|
+
│
|
|
59
|
+
├──→ auth-system
|
|
60
|
+
│ │
|
|
61
|
+
│ └──→ data-layer
|
|
62
|
+
│
|
|
63
|
+
├──→ core-module
|
|
64
|
+
│ │
|
|
65
|
+
│ ├──→ data-layer
|
|
66
|
+
│ │
|
|
67
|
+
│ └──→ cache-layer
|
|
68
|
+
│
|
|
69
|
+
└──→ workflow-module
|
|
70
|
+
│
|
|
71
|
+
└──→ core-module
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
---
|
|
75
|
+
|
|
76
|
+
## Data Flow Overview
|
|
77
|
+
|
|
78
|
+
### Request Flow
|
|
79
|
+
|
|
80
|
+
```
|
|
81
|
+
Request → API Gateway → Auth Validation → Business Logic → Data Layer → Response
|
|
82
|
+
│
|
|
83
|
+
▼
|
|
84
|
+
Cache Check
|
|
85
|
+
│
|
|
86
|
+
▼
|
|
87
|
+
(if needed)
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
### Event Flow
|
|
91
|
+
|
|
92
|
+
```
|
|
93
|
+
Business Logic → Event Bus → Event Handlers → Side Effects
|
|
94
|
+
│
|
|
95
|
+
└──→ Logging/Metrics
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
---
|
|
99
|
+
|
|
100
|
+
## Deployment Architecture
|
|
101
|
+
|
|
102
|
+
```
|
|
103
|
+
┌─────────────────────────────────────────────────────────────────┐
|
|
104
|
+
│ Load Balancer │
|
|
105
|
+
└─────────────────────────────────────────────────────────────────┘
|
|
106
|
+
│ │ │
|
|
107
|
+
▼ ▼ ▼
|
|
108
|
+
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
|
|
109
|
+
│ App │ │ App │ │ App │
|
|
110
|
+
│ Instance │ │ Instance │ │ Instance │
|
|
111
|
+
│ #1 │ │ #2 │ │ #3 │
|
|
112
|
+
└─────────────┘ └─────────────┘ └─────────────┘
|
|
113
|
+
│ │ │
|
|
114
|
+
└────────────────────┼────────────────────┘
|
|
115
|
+
│
|
|
116
|
+
▼
|
|
117
|
+
┌─────────────────┐
|
|
118
|
+
│ Shared Data │
|
|
119
|
+
│ Layer │
|
|
120
|
+
└─────────────────┘
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
---
|
|
124
|
+
|
|
125
|
+
## Security Boundaries
|
|
126
|
+
|
|
127
|
+
| Boundary | Enforcement | Module |
|
|
128
|
+
|----------|-------------|--------|
|
|
129
|
+
| External → API Gateway | Rate limiting, CORS | api-gateway |
|
|
130
|
+
| API Gateway → Business | Auth validation | auth-system |
|
|
131
|
+
| Business → Data | Query auth, encryption | data-layer |
|
|
132
|
+
|
|
133
|
+
---
|
|
134
|
+
|
|
135
|
+
## Key Integration Points
|
|
136
|
+
|
|
137
|
+
| Integration | Protocol | Module | Documentation |
|
|
138
|
+
|-------------|----------|--------|---------------|
|
|
139
|
+
| [API Name] | REST/GraphQL | api-gateway | .pi/architecture/modules/api-gateway.md#integrations |
|
|
140
|
+
| [Database] | SQL/NoSQL | data-layer | .pi/architecture/modules/data-layer.md#connections |
|
|
141
|
+
| [Cache] | Redis/Memory | cache-layer | .pi/architecture/modules/cache-layer.md |
|
|
142
|
+
|
|
143
|
+
---
|
|
144
|
+
|
|
145
|
+
## Canonical Reference Template
|
|
146
|
+
|
|
147
|
+
Implementation files should reference this overview when describing system-level behavior:
|
|
148
|
+
|
|
149
|
+
```typescript
|
|
150
|
+
/**
|
|
151
|
+
* Canonical Reference: .pi/architecture/diagrams/system-overview.md#[section]
|
|
152
|
+
* Implements: [component at layer X]
|
|
153
|
+
*/
|
|
154
|
+
```
|
|
155
|
+
|
|
156
|
+
---
|
|
157
|
+
|
|
158
|
+
*Last updated: [date]*
|
|
159
|
+
*Architecture version: [version]*
|
|
@@ -0,0 +1,152 @@
|
|
|
1
|
+
# [Module Name] Architecture
|
|
2
|
+
|
|
3
|
+
<!--
|
|
4
|
+
Canonical Reference: .pi/architecture/modules/[module-name].md
|
|
5
|
+
Blueprint Source: Guardian Framework v1.2
|
|
6
|
+
Generated: NEVER (this is the source)
|
|
7
|
+
-->
|
|
8
|
+
|
|
9
|
+
## Overview
|
|
10
|
+
|
|
11
|
+
[Brief description of the module's purpose and scope within the system]
|
|
12
|
+
|
|
13
|
+
## Responsibilities
|
|
14
|
+
|
|
15
|
+
- [Responsibility 1]
|
|
16
|
+
- [Responsibility 2]
|
|
17
|
+
- [Responsibility 3]
|
|
18
|
+
|
|
19
|
+
## Components
|
|
20
|
+
|
|
21
|
+
| Component | File Path | Purpose | Canonical Section |
|
|
22
|
+
|-----------|-----------|---------|-------------------|
|
|
23
|
+
| [Name] | src/[path] | [Description] | #[section] |
|
|
24
|
+
| [Name] | src/[path] | [Description] | #[section] |
|
|
25
|
+
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## Component Details
|
|
29
|
+
|
|
30
|
+
### [Component Name]
|
|
31
|
+
|
|
32
|
+
**Purpose:** [What this component does]
|
|
33
|
+
|
|
34
|
+
**Implementation File:** `src/[path]`
|
|
35
|
+
|
|
36
|
+
**Canonical Reference:** `.pi/architecture/modules/[module-name].md#[component-section]`
|
|
37
|
+
|
|
38
|
+
**Dependencies:**
|
|
39
|
+
- [Dependency 1]
|
|
40
|
+
- [Dependency 2]
|
|
41
|
+
|
|
42
|
+
**Interface:**
|
|
43
|
+
|
|
44
|
+
```typescript
|
|
45
|
+
// Public interface
|
|
46
|
+
interface [InterfaceName] {
|
|
47
|
+
[method signatures]
|
|
48
|
+
}
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
---
|
|
52
|
+
|
|
53
|
+
## Data Flow
|
|
54
|
+
|
|
55
|
+
```
|
|
56
|
+
[Input Source]
|
|
57
|
+
│
|
|
58
|
+
▼
|
|
59
|
+
[Processing Component]
|
|
60
|
+
│
|
|
61
|
+
▼
|
|
62
|
+
[Output Destination]
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
**Flow Description:**
|
|
66
|
+
1. [Step 1]
|
|
67
|
+
2. [Step 2]
|
|
68
|
+
3. [Step 3]
|
|
69
|
+
|
|
70
|
+
---
|
|
71
|
+
|
|
72
|
+
## Dependencies
|
|
73
|
+
|
|
74
|
+
### Depends On
|
|
75
|
+
- **[Module Name]**: [Why/what it provides]
|
|
76
|
+
- **[Module Name]**: [Why/what it provides]
|
|
77
|
+
|
|
78
|
+
### Used By
|
|
79
|
+
- **[Module Name]**: [Why/what it uses]
|
|
80
|
+
- **[Module Name]**: [Why/what it uses]
|
|
81
|
+
|
|
82
|
+
---
|
|
83
|
+
|
|
84
|
+
## Security Considerations
|
|
85
|
+
|
|
86
|
+
| Concern | Mitigation | Validator |
|
|
87
|
+
|---------|------------|-----------|
|
|
88
|
+
| [Concern 1] | [Mitigation] | security-validator |
|
|
89
|
+
| [Concern 2] | [Mitigation] | security-validator |
|
|
90
|
+
|
|
91
|
+
**Authentication/Authorization:**
|
|
92
|
+
- [Auth requirements]
|
|
93
|
+
|
|
94
|
+
**Data Protection:**
|
|
95
|
+
- [Encryption/sanitization requirements]
|
|
96
|
+
|
|
97
|
+
---
|
|
98
|
+
|
|
99
|
+
## Testing Requirements
|
|
100
|
+
|
|
101
|
+
| Test Type | Coverage Target | Files |
|
|
102
|
+
|-----------|-----------------|-------|
|
|
103
|
+
| Unit | [X]% | tests/unit/[module].test.ts |
|
|
104
|
+
| Integration | [Y]% | tests/integration/[module].test.ts |
|
|
105
|
+
| E2E | [Z]% | tests/e2e/[module].test.ts |
|
|
106
|
+
|
|
107
|
+
**Key Test Scenarios:**
|
|
108
|
+
- [Scenario 1]
|
|
109
|
+
- [Scenario 2]
|
|
110
|
+
- [Scenario 3]
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
114
|
+
## Error Handling
|
|
115
|
+
|
|
116
|
+
```typescript
|
|
117
|
+
// Error types defined in this module
|
|
118
|
+
class [ErrorType] extends Error {
|
|
119
|
+
constructor(message: string) {
|
|
120
|
+
super(message);
|
|
121
|
+
this.name = '[ErrorType]';
|
|
122
|
+
}
|
|
123
|
+
}
|
|
124
|
+
```
|
|
125
|
+
|
|
126
|
+
**Error Recovery:**
|
|
127
|
+
- [Error 1]: [Recovery strategy]
|
|
128
|
+
- [Error 2]: [Recovery strategy]
|
|
129
|
+
|
|
130
|
+
---
|
|
131
|
+
|
|
132
|
+
## Performance Considerations
|
|
133
|
+
|
|
134
|
+
| Metric | Target | Monitoring |
|
|
135
|
+
|--------|--------|------------|
|
|
136
|
+
| Latency | [X]ms | [How monitored] |
|
|
137
|
+
| Throughput | [Y] req/s | [How monitored] |
|
|
138
|
+
|
|
139
|
+
---
|
|
140
|
+
|
|
141
|
+
## Change Log References
|
|
142
|
+
|
|
143
|
+
| Date | Change | Section | Status |
|
|
144
|
+
|------|--------|---------|--------|
|
|
145
|
+
| [date] | [description] | #[section] | [synced/pending] |
|
|
146
|
+
|
|
147
|
+
See full details in `.pi/architecture/CHANGELOG.md`
|
|
148
|
+
|
|
149
|
+
---
|
|
150
|
+
|
|
151
|
+
*Last updated: [date]*
|
|
152
|
+
*Module version: [version]*
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
# Validation Checklists
|
|
2
|
+
|
|
3
|
+
> **Purpose:** Machine-parseable checklists for all validators. Used for caching — passed items are skipped on retry.
|
|
4
|
+
> **Generic:** Replace check items with your project's validation rules.
|
|
5
|
+
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
## Architecture Validation
|
|
9
|
+
|
|
10
|
+
### Pre-Implementation (Plan Review)
|
|
11
|
+
- [ ] Design follows existing module organization
|
|
12
|
+
- [ ] Error handling approach defined
|
|
13
|
+
- [ ] No duplicate types (grep verified)
|
|
14
|
+
- [ ] Dependencies identified and available
|
|
15
|
+
- [ ] Module structure planned
|
|
16
|
+
|
|
17
|
+
### Post-Implementation (Code Review)
|
|
18
|
+
- [ ] Wiring: callers exist (not dead code)
|
|
19
|
+
- [ ] No duplicate type definitions
|
|
20
|
+
- [ ] Module declared AND imported
|
|
21
|
+
- [ ] Tools/components registered in registry
|
|
22
|
+
- [ ] Errors integrated into parent error type
|
|
23
|
+
- [ ] E2E tests pass
|
|
24
|
+
- [ ] Architecture contract tests pass
|
|
25
|
+
|
|
26
|
+
## Security Validation
|
|
27
|
+
|
|
28
|
+
### All Code Changes
|
|
29
|
+
- [ ] No hardcoded secrets
|
|
30
|
+
- [ ] No command injection (no `Command::new` + `format!`)
|
|
31
|
+
- [ ] Path traversal prevention (canonicalize + starts_with)
|
|
32
|
+
- [ ] Input validation on all external inputs
|
|
33
|
+
- [ ] Secrets not logged
|
|
34
|
+
- [ ] Risk levels properly assigned (Safe/Medium/Dangerous)
|
|
35
|
+
|
|
36
|
+
## Operations Validation
|
|
37
|
+
|
|
38
|
+
### Performance
|
|
39
|
+
- [ ] No O(N²) where O(N) expected
|
|
40
|
+
- [ ] Proper data structures used
|
|
41
|
+
- [ ] Memory within bounds
|
|
42
|
+
|
|
43
|
+
### Observability
|
|
44
|
+
- [ ] `#[instrument]` on public functions
|
|
45
|
+
- [ ] Proper span fields
|
|
46
|
+
- [ ] Events for state changes
|
|
47
|
+
- [ ] No secrets in logs
|
|
48
|
+
|
|
49
|
+
### Reliability
|
|
50
|
+
- [ ] CancellationToken passed to all async ops
|
|
51
|
+
- [ ] Proper cleanup on cancellation
|
|
52
|
+
- [ ] Atomic writes (write-rename pattern)
|
|
53
|
+
- [ ] Resource cleanup (Drop implementations)
|
|
54
|
+
|
|
55
|
+
## Test Validation
|
|
56
|
+
|
|
57
|
+
### Coverage
|
|
58
|
+
- [ ] All tests pass
|
|
59
|
+
- [ ] Coverage ≥ 80%
|
|
60
|
+
- [ ] All new code has tests
|
|
61
|
+
- [ ] Tests follow AAA pattern (Arrange-Act-Assert)
|
|
62
|
+
|
|
63
|
+
### Quality
|
|
64
|
+
- [ ] No flaky tests
|
|
65
|
+
- [ ] Integration tests pass
|
|
66
|
+
- [ ] E2E tests pass
|
|
67
|
+
- [ ] Architecture contract tests pass
|
|
68
|
+
|
|
69
|
+
## Integration Validation
|
|
70
|
+
|
|
71
|
+
### Component Interaction
|
|
72
|
+
- [ ] Component interfaces match design
|
|
73
|
+
- [ ] No circular dependencies
|
|
74
|
+
- [ ] End-to-end flows work
|
|
75
|
+
- [ ] Error propagation across boundaries
|
|
76
|
+
|
|
77
|
+
## CI/MR Validation
|
|
78
|
+
|
|
79
|
+
### Build & Test
|
|
80
|
+
- [ ] Build succeeds
|
|
81
|
+
- [ ] All tests pass
|
|
82
|
+
- [ ] Lint passes
|
|
83
|
+
- [ ] Format check passes
|
|
84
|
+
- [ ] Security audit passes
|
|
85
|
+
|
|
86
|
+
### Merge Readiness
|
|
87
|
+
- [ ] Required approvals present
|
|
88
|
+
- [ ] CI checks all green
|
|
89
|
+
- [ ] No merge conflicts
|
|
90
|
+
- [ ] PR description complete
|
|
91
|
+
- [ ] Issues linked
|